I have a friend who travels overseas for extended periods of time, and he winds up changing phone numbers and sometimes devices with some frequency (lost / broken devices, and issues with foreign countries and cell phone minutes getting stolen somehow).
He just came back with a broken iPhone, and we still can’t get access to his Gmail account. We got lucky with his Apple ID as two-factor wasn’t set up, so we could get in without the “trusted device”.
But let’s say we hadn’t been lucky, and two-factor wasn’t set up. If a device & SIM were both lost / destroyed, and you thus couldn’t access either your “trusted device” or your recovery phone number, how would you get into an Apple account with two-factor enabled?
I’m actually considering just creating creating a second account for him on my Mac, and getting that set up with his iCloud so that there would be another “trusted device” that would be much less likely to get lost, stolen, destroyed, etc. But I’m wondering if there would be any potentially nasty consequences for me if somebody managed to hack his cloud account or something.
This wouldn’t be nearly as big of a deal if Apple didn’t constantly push people to sign up for two-factor. He got his new phone, went through setup, and somehow now his two-factor is turned back on.
Anybody in a situation like this? @tjluoma, I seem to recall you doing something like this for a relative … ? Any advice would be appreciated!
Yes, I have something like this set up for my Mother-In-Law, although not exactly for that reason.
The odds of that happening are extremely small. You could reduce the odds to me almost zero by creating him an account on your Mac which is not an administrator account.
By default, Remote Login and Screen Sharing are only available to administrator accounts, so even if someone did manage to get his iCloud information, there is nearly no way they would ever be able to use that to access your Mac.
In that situation, I would assume you could get a new SIM/device with the same number as your old number, but I don’t know if that would help you get into your 2FA Apple account.
Your idea to create a backup Mac account for him is a very good one. I would do that in your position.
He uses a prepaid service, and I have no idea how that even works for those. But like you said, I’m not even sure if that would even help.
The thing is, Apple requires 2FA. Requires, not “strongly suggests”. They basically made him turn it on during his most recent device activation, and now he can’t turn it off. I find myself wondering what their expectation of the average user is that 2FA is both required and can only be done on a trusted Apple device.
I’m sure it would work fine to set up your friend on one of your computers. Apple’s suggestion is for him to have a secondary trusted phone number on his account–the second phone number can receive codes if the device and the main phone go down. He could also set up a cheap used phone as a second trusted device (which you could keep handy for him.)